This document outlines GitHub's policy for the coordinated disclosure of security vulnerabilities. It encourages security researchers to report any discovered vulnerabilities to GitHub to help maintain platform safety. The document also introduces GitHub's bug bounty program, which rewards researchers for their efforts in identifying and reporting bugs.

This Privacy Policy template outlines how a company collects, uses, and shares personal information from its users through its website and services. It details the types of data gathered, the purposes for its use, and the circumstances under which it may be disclosed to third parties. The policy also informs users about their data protection rights, particularly those in the European Economic Area.

This document outlines a company's policy on personal data protection, detailing how personal data is collected, processed, stored, and secured. It emphasizes compliance with the EU General Data Protection Regulation (GDPR) and sets forth principles for data handling, employee obligations, and procedures for data breaches and inquiries. The policy also addresses the use of data processors and international data transfers.

This document outlines GitHub's policy and process for requesting the removal of private information from repositories. It defines what constitutes "private information" for removal purposes, focusing on high-risk content like exposed access credentials that pose a specific security risk. The policy details the steps a complainant must follow, including providing specific links and explanations of security risks, and explains how GitHub processes such requests.

This document describes the GitHub Security Incident Response Team (SIRT), outlining its mission to protect GitHub's platform and user data by maintaining confidentiality, integrity, and availability. It provides essential contact information, details the team's operational policies, and explains the scope of its incident response and proactive security activities. The document also guides users and customers on how to report vulnerabilities and access support.

This Cybersecurity Policy outlines the company’s commitment to protecting the confidentiality, integrity, and availability of its information assets through measures such as access control, data protection, incident response, and vendor oversight. It establishes procedures for data handling, employee training, and compliance to ensure adherence to applicable U.S. laws and recognized cybersecurity frameworks.

The GitHub Private Information Removal Policy provides a process for removing high-risk confidential content—such as credentials, tokens, or sensitive diagrams—that poses security threats if exposed in repositories. It is an official GitHub policy, designed to protect users while maintaining platform integrity, and can be trusted as part of GitHub’s broader site governance framework.

The Security Overview page by Basecamp safeguards user data through encryption, redundancy, continuous monitoring, and strict physical and operational security measures. With over 20 years of experience, it emphasizes transparency, trust, and rapid response to any potential security incidents.

This document outlines the process for reporting security vulnerabilities and account attacks related to the company's products. It provides instructions for customers experiencing an attack and for security researchers discovering flaws, directing them to a bug bounty program. The policy also details how the company tracks, investigates, and discloses resolved security issues.

The GitHub Security Incident Response Team (SIRT) Description (RFC 2350) outlines GitHub’s official structure, mission, and procedures for handling security incidents, including vulnerability management, triage, coordination, and resolution. It is an authoritative security policy maintained by GitHub under industry-standard RFC 2350, providing trusted guidance on incident response practices for its users and constituents.